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Abstract 



A microcomputer which is operable in either an internal program mode, wherein the microcomputer 
functions in accordance with an internally stored program, or in an external program mode, wherein the 
microcomputer functions in accordance with a program stored in a memory external to the microcomputer, 
provides internal RAM security during the external program mode. The microcomputer includes an internal 
program memory for internally storing programs; a bus for connection to an external memory for carrying 
programs from the external program memory; a nonsecure RAM for storing nonsecure data; a secure RAM 
for storing secure data; a central processing unit for processing the stored data and/or externally provided 
data either in accordance with the internally stored programs or in accordance with programs stored in the 
external memory; and a controller for controlling interconnections between the internal program memory, the 
bus, the RAMs and the central processing unit in accordance with the mode of operation of the 
microcomputer; wherein during the external program mode, the controller inhibits access to the secure RAM. 
Code for accessing the secure data stored in the secure RAM is contained in a program stored in the 
internal program memory. The microcomputer is ideally suited for performing cryptographic operations 
utilizing cryptographic keys stored in or derived from the secure memory. 
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© Microcomputer with internal RAM security during external program mode. 

<g) A microcomputer which is operable in either an internal 
program mode, wherein the microcomputer functions in ™ 
accordance with an internally stored program, or in an external 
program mode, wherein the microcomputer functions in 
accordance with a program stored in a memory external to the 
microcomputer, provides internal RAM security during the 
external program mode. The microcomputer includes an 
internal program memory for internally storing programs; a bus 
for connection to an external memory for carrying programs 
from the external program memory; a nonsecure RAM for 
storing nonsecure data; a secure RAM for storing secure data; 
a central processing unit for processing the stored data and/or 
externally provided data either in accordance with the internally 
stored programs or in accordance with programs stored in the 
external memory; and a controller for controlling interconnec- 
tions between the internal program memory, the bus, the RAMs 
and the central processing unit in accordance with the mode of 
operation of the microcomputer; wherein during the external 
program mode, the controller inhibits access to the secure 
RAM. Code for accessing the secure data stored in the secure 
RAM is contained in a program stored in the internal program 
memory. The microcomputer is ideally suited for performing 
cryptographic operations utilizing cryptographic keys stored in 
or derived from the secure memory. 
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Description 

MICROCOMPUTER WITH INTERNAL RAM SECURE DURING EXTERNAL PROGRAM MODE 



BACKGROUND OF THE INVENTION 

The present invention generally pertains to micro- 
computers and is particularly directed to providing 
security for data stored in the microcomputer when 
the microcomputer is operated in an external ^ 

^microcomputer essentially includes an internal 
program memory for internally storing programs; a 
bus for carrying data to and from the m«™om- 
puter; a random access memory (RAM) for storing 
data; a central processing unit for processing m* is 
stored data and/or data received over the bus .n 
accordance with the internally stored programs, and 
Lontrolierforcontroiling interconnect^ 

the internal program memory the bus the ^RAM and 

the central processing unit .n accordance with the 20 

mode of operation of the microcomputer. 

For microcomputers that do not have ar . external 
program mode, wherein the operat.cn of the , m.cro- 
comouter is in accordance with a program stored n 
an Tntema memcry, ,he security of the data stored ,n 25 
thermal RAM is under the control <^l££" 
stored in the internal memory, and thereby security 
of such data may be assured. However internal 
memory size is limited and may be enlarged on* up 
to ^certain point at which further expans.on Is not 3D 
economically feasible because of increased j s.licon 
area and cost. Thus, for many appl.cat.ons. a 
microcomputer having an external program mode of 
operation is preferred for economic reasons. 
Tn a prior art microcomputer having an external 35 
program mode of operation, the bus is connected to 
external memories for carrying programs from an 
external program memory and for carrying data from 
an external data memory; and the contro lie. 
connects the bus to the internal RAM dunng ^ the 40 
external program mode. Thus, operat.on of a prior 
art microcomputer in the external program mode 
Affords an intruder access to the ent.re mternai 
RAM whereby sensitive data (such as access 
codes,Shen«oators. or secure variables) stored in 45 
the internal RAM may be accessed from outs.de the 
microcomputer and thereby compromised. 



SUMMARY OF THE INVENTION ^ 

The present invention provides a microcomputer 
which is operable in either an internal program 
mode, wherein the microcomputer funct.ons n 
accordance with an internally stored program or in 
an external program mode, wherein the m.crocom- 55 
puter functions in accordance with a Program stored 
in a memory external to the microcomputer, wrthout 
compromising the security of data stored n a 
designated internal RAM. The microcomputer of the 
present invention includes an internal program 60 
memory for internally storing programs; a bus tor 
connection to an external memory for carrymg 
programs from the external memory; a nonsecure 



RAM for storing nonsecure data; a secure RAM or 
storing secure data; a central process.ng unrt for 
processing the stored data and/or external y pro- 
vided data either in accordance with the .nternally 
stored programs or in accordance with prog^ms 
stored in the external memory; and a controHer for 
controlling interconnections between the mtema 
program memory, the bus. the ^f^f!^ 
processing unit in accordance w.th the mode of 
operation of the microcomputer, where.n dunng the 
external program mode, the controller nh.brts 
access to the secure RAM. Code for access.ng the 
secure data stored in the secure RAM is contained 
in a program stored in the internal program memory. 

The microcomputer of the present mvent.on ,s 
ideally suited for performing cryptograph.c oper- 
ations. For cryptographic operat.ons, the mternai 
orooram memory stores a program for performing 
c^tSaphic operations upon data and the secure 
RAM stores cryptographic key data requ.red for 
performing the cryptographic operations 

Additional features of the present .nvent.or. are 
described in relation to the descnpt.on of the 
preferred embodiment. 

BRIEF DESCRIPTION OF THE DRAWING 

The figure of the drawing is a diagram of a 
nreferred embodiment of the microcomputer of the 
SeXntion coupled to an external program 
memory. 

DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

Referring to the Drawing, the preferred embodi- 
menf of the microcomputer 10 of the presen 
invention includes a central process.ng «™t^> 
19 an internal program memory 14, a nonsecure 
RAM 16 a secure RAM 18. buses 20, 22 and 24 
respectively connected to ports A. B. and C. and a 
controHer The controller includes a memory-ac- 
cessed^ unit 26 a mode .control 
register 28. a port A data reg.ster 30 a port B da a 
register 32. a port C data register 34. a first tr.-state 
bus driver 36 coupling the port A data raster £ to 
the port A data bus 20, a second tn-state bus driver 
38 coupling the memory-access-and-penpher^ 
contro. unit 26 to the port A oata bus 20. a third 
tri-state bus driver 40 coupling the port B data 
reader 32 to the port B data bus 22, a fourth 
S bus driver 42 coupling the • memory-access- 
and-peripheral-control unit 26 to the port B ^dat .bus 
% a fifth tri-state bus driver 44 coupling the port C 
Sta register 34 to the port C data bus 24. and a s.xth 
folate bus driver 46 coupling the memo^-access 
and-oeripheral-control unit 26 to the port C data bus 
24 The fourth tri-state bus driver 42 is bid rect.onaf 
Ail of the other bus drivers are unidirect.onal jd 
transfer data onto the respecfve port A B and C 
buses 20. 22, 24 from the microcomputer iu. 
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The mode control register 28 provides a signal on 
line 48 indicating whether the microcomputer is in an 
internal program mode or an external program mode 
of operation. The mode indication signal on line 48 
enables access to the secure RAM 18 during the 5 
internal program mode of operation and inhibits 
access to the secure RAM 18 during the external 
program mode of operation. 

The port A bus 20 is a 2-bit control bus, which 
provides memory timing controls. The port B bus 22 10 
is a multiplexed address/data bus, providing eight 
address bits and eight-bits of data for bidirectional 
transfer. The port C bus 24 provides eight additional 
address bits. 

An external program memory 50 is coupled to the 15 
port A, B, and C buses 20, 22, and 24 of the 
microcomputer 10 by a 16-bit address bus 52, an 
address latch 54, an 8-bit data bus 56, an address 
latch enable line 58 and a memory enable line 60. 

Additional input/output memory, or other periphe- 20 
ral devices may share the buses 20, 22, 24 along with 
the external program memory 50, given appropriate 
address decoding and interface circuitry. In the 
external program mode, the microcomputer 10 is, in 
effect, a general purpose microprocessor. 25 

The CPU 12 receives reset and clock signals on 
lines 62 and 64 respectively. 

On reset, Instructions are fetched from the 
internal program memory 14; and the mode control 
register 28 is set to indicate the internal program 30 
mode, and thereby provides a signal on line 48 that 
enables access to the secure RAM 18. Such an 
indication on line 48 also enables the bus drivers 36, 
40 and 44 to respectively transfer the contents of the 
port A data register 30 onto the port A bus 20, the 35 
contents of the port B data 32 register onto the port 
B bus 22, and the contents of the port C data 
register 34 onto the port C bus 24. At the same time 
the internal program mode indication on line 48 
inhibits the bus drivers 38, 42 and 46 from 40 
transferring data. When in the internal program 
mode, the CPU 12 has access to both the secure 
RAM 18 and the nonsecure RAM 16, as well as to all 
of the peripheral registers, including port A data 
register 30, port B data register 32, port C data 45 
register 34 and, mode control register 28. 

When operating in the internal program mode, all 
instructions are executed from the internal program 
memory 14; and internal bus activity is not ac- 
cessible at the pins of the microcomputer. In the 50 
internal program mode, access to external program 
memory is not possible. 

After power-up initialization is complete, program 
control may be passed to the external program 
memory 50 by first setting the mode control register 55 
28 to provide an external-program-mode indication 
signal on line 48 to inhibit access to the secure RAM 
18, and then branching externally via bus drivers 38, 
42 and 46. The external-program-mode indication 
signal on line 48 also Inhibits the bus drivers 36, 40 60 
and 44 from transferring data from the port A, B, and 
C data registers 30, 32 and 34 onto the port A, B, and 
C buses 20, 22 and 24. Program control may be 
returned to the internal program memory 14 simply 
by branching to it. 6t 



When in the external program mode, the micro- 
computer's internal address and data buses are 
interconnected by the bus drivers 38, 42 and 46 to 
the external program memory 50, and control of the 
microcomputer is transferred to the external pro- 
gram memory 50. In the external program mode, 
access to the nonsecure RAM is allowed, while 
access to the secure RAM 18 is inhibited. 

In a typical operating scenario, after system reset 
and initialization, control is passed to the external 
program memory 50. When data is available requir- 
ing authentication or comparison with variables 
stored In secure RAM 18, the data is written into the 
nonsecure RAM 16 and a branch is made to an entry 
point in the internal program memory 14. The mode 
control register 28 is then accessed to select the 
internal program mode, so that operations using 
secure data with nonsecure data may be performed. 
Internal secure routines are executed, with the 
results, if any, being written into the nonsecure RAM 
16. Finally, the mode control register 28 is accessed 
to select the external program mode, and a return is 
made to the calling routine in the external program 
memory 50. 

Whenever the program code provided from the 
external program memory 50 causes a switch to the 
internal program mode, any following instructions 
from the external program memory 50 are ignored, 
since the the switch to the internal program mode 
results in the mode control register 28 providing a 
mode indication signal on line 48 that inhibits the bus 
drivers 38, 42 and 46 from providing further access 
to the microcomputer by the external program 
memory 50. Since no device is available to place 
Instruction data on the internal operating bus, the 
resulting value of zero is interpreted by the CPU 12 
as a "do nothing" instruction. The microcomputer 
program counter then increments upwards until the 
first byte of the internal program memory 14 is 
reached, thus returning control to the internal 
program memory 50. 

When the microcomputer 10 is adapted for 
performing cryptographic operations the programs 
stored in the internal program memory 14 contain 
cryptographic routines; and cryptographic keys 
and/or data required for deriving cryptographic keys 
are stored in the secure RAM 18. A "master" 
program stored in the external program memory 50 
can utilize program subroutines stored in the 
internal program memory 14 to provide a "slave" 
cryptographic, processor. This master program may 
be made to cause such a cryptographic processor 
to encrypt and store data, authenticate a block of 
data, and/or derive a new key from a previously 
stored key. Initially, data to be operated on by the 
cryptographic processor is placed in the nonsecure 
RAM 16 by the master program; and then the 
program branches to the internal program memory 
16 for implementing the cryptographic processor. 
Cryptographic routines first enable the secure RAM 
18; then access secure data, such as cryptographic 
keys, from the secure RAM 18; next perform 
cryptographic operations on the data; and finally 
store any results of such cryptographic processing 
in the nonsecure RAM 16. The microcomputer 10 is 
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then switched back to the external program mode to 
allow the results to be accessed from the nonsecure 
memory 16 and to allow further processing in the 
external program mode. 

Preferably, the internal program memory ' 14 Is i 
read-only memory (ROM). The secure RAM 18 of the 
microcomputer may be provided 
(CMOS with battery backup, or EEPROM. for 
example). The secure RAM 18 of the m.crocomputer 
may then be loaded with secure data at one physical 
location and later shipped to another location where 
all but properly authorized transactions are pro- 
hibited. 



Claims 



1 A microcomputer that is operable in either 
an internal program mode, wherein the micro- 
computer functions in accordance with an 
internally stored program, or in an externa 
program mode, wherein the m.crocomputer 
functions in accordance with a program stored 
in a memory external to the microcomputer, 
said microcomputer comprising 
an internal program memory for internally 
storing programs; 

a bus for connection to an external memory for 
carrying programs from said external program 

memory; «^*+«. 
a nonsecure RAM for storing nonsecure data, 
a secure RAM for storing secure data; 



10 



15 



20 



25 



30 



35 



a central processing unit for processing said 
stored data and/or externally provided data 
either in accordance with said internally stored 
programs or in accordance with programs 
stored in said external memory ; and 
means for controlling interconnections bet- 
ween the internal program memory, the bus the 
RAMs and the central processing unit in 
accordance with the mode of operation of the 
microcomputer; 

wherein during said external program mode, the 
controlling means inhibits access to the secure 

R/ 5> M A microcomputer according to Claim 1, 
wherein the controlling means comprise 
a mode control register for indicating the 
program mode; and ^ . . 

a bus driver coupled to the mode control 
register for interconnecting the microcomputer 
with the bus to receive programs carried from 
the external memory over the bus during only 
the external program mode. 

3 A microcomputer according to Claim i, 
wherein the internal program memory stores a 
program for performing cryptographic oper- 
ations upon data; and wherein the secure RAM 
stores secure cryptographic key data required 
for performing said cryptographic operations. 

4 A microcomputer according to Claim i, 
wherein the internal program memory stores a 
program containing code for accessing secure 
data from the secure RAM. 
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